Re: Sql injection attacks - Mailing list pgsql-general

From Mage
Subject Re: Sql injection attacks
Date
Msg-id 41049FE3.1070600@mage.hu
Whole thread Raw
In response to Re: Sql injection attacks  (Bill Moran <wmoran@potentialtech.com>)
Responses Re: Sql injection attacks
List pgsql-general
Bill Moran wrote:

 >
 >
 >Simply put:
 >1) If the untrusted value is a string, using a proper escape sequence
should
 >   make it safe.
 >
 >
in pgsql (and mysql) you can escape almost everything.

update table set a = '5' is corrent, even is column a is integer type.
You can't escape the null value.

      Mage





pgsql-general by date:

Previous
From: Greg Stark
Date:
Subject: Re: Sql injection attacks
Next
From: "Magnus Hagander"
Date:
Subject: Re: Sql injection attacks